Spoofing . . . Masquerading as someone or something else
Spoofing is pretending to be someone or something to obscure your real identity. It could be a website, email address, Caller ID or credit card number that is being duplicated. Spoofing isn’t all bad and there are circumstances where it is a legitimate technique. For instance, if you have a tele-marketer call on your behalf, they may spoof your number so your information is displayed on Caller ID. In the early days of the Internet, email spoofing was often used especially for system-to-system communications. The basic mail protocols that we continue to use today are open and easy to spoof. That’s why you should take a closer look.
Phone number spoofing
Spoofing a phone number can be done for legitimate or diabolical reasons. With the availability of Caller ID technology came the ability to fool the system. Tele-marketers will spoof a phone number with the permission of the company so that when a call is made it looks like it is coming directly from the company and not the tele-marketer. But there are times where this technique is illegal or questionable. It has been employed by collection agencies to mask their identity and used for phony marketing, prank calls and fraudulent schemes.
Caller ID spoofing is easy to do. The best way to protect yourself is to call the person or company back if you have any suspicion.
Email spoofing starts with forging the email header. This makes it look like it came from someone other than the sender. This tactic is used in phishing, spam and other scams. It can make the email look like it came from someone that you know or a legitimate source, so you will be more likely to open the email and follow the instructions. The CEO fraud is an example of a spoofing attack. It is believed that the hackers get information from LinkedIn or other social media sites to impersonate C-level executives and have their staff wire funds. Losses from this scam are often quoted in the billions of dollars.
Interestingly email spoofing has a legitimate origin. It was often used in the early Internet especially for system-to-system relaying requiring a specific sender. Today, email spoofing is commonly used for hacks and scams. It exploits a vulnerability in basic email protocols created for convenience, not security. The best way to protect yourself is to learn how to recognize scam emails. Another method is to “reply” to the message without actually sending. If the reply to email is different from the stated sender, the email was spoofed.
Fake websites can absolutely look like the real thing. From the graphics to contact information, scammers create websites that look authentic. The endgame may be to get you to make a purchase with your credit card or to get your login/password for your bank or email account or to sell you a counterfeit designer product at an unbelievable low price. Depending upon the scam, it might be a simple rip-off or it could be a nightmare of identity theft and malware infections.
To protect yourself, always check the domain name. Many fake sites will use a close domain name like acme-usa.com to spoof acme.com. An email may even come from acme-usa.com to add dimension to the scam. Your anti-virus and anti-malware will sometimes catch these threats, but there are so many that you must take a closer, more critical look. Remember, anti-software is often defensive so hackers have the offensive field advantage.
Stealing or intercepting credit and debit card information is a big business. Card information is often stolen online, from your wallet or when out of your possession, but there is another way. You may have heard of skimmers. These are devices that attach to the card reader to record the card information when you swipe. The skimmed data can be used for an electronic transaction or to make a counterfeit card. To protect yourself, beware of fake sites, report your card if it is lost or stolen and take an extra look before you swipe. Skimmers are installed over a legitimate card reader and can be hard to detect. Look for an extra piece of rubber or plastic over the card reader. If you have any doubt, don’t swipe.
Another trick is to steal the number on gift cards and monitor until they are legitimately purchased then quickly empty the account. To protect yourself, never purchase a gift card where the package is bent or torn.
If you see something suspicious, report it. Merchants, banks and law enforcement should be contacted if you suspect card skimming, fraud or theft. Caller ID spoofing should be reported to the FCC 1-888-CALL-FCC (1-888-225-5322). If you see something that concerns you and want to discuss, you can contact at our HelpDesk 770 662-0312 or email HelpDesk@lansystems.com.